From owner-freebsd-hackers Thu Feb 8 15:34:59 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from aaz.links.ru (aaz.links.ru [193.125.152.37])
	by hub.freebsd.org (Postfix) with ESMTP id C6FF637B503;
	Thu, 8 Feb 2001 15:34:32 -0800 (PST)
Received: (from babolo@localhost)
	by aaz.links.ru (8.9.3/8.9.3) id CAA13382;
	Fri, 9 Feb 2001 02:34:27 +0300 (MSK)
Message-Id: <200102082334.CAA13382@aaz.links.ru>
Subject: Re: mount_null and jail
In-Reply-To: from "Attila Nagy" at "Feb 8, 1 08:15:42 pm"
To: bra@fsn.hu (Attila Nagy)
Date: Fri, 9 Feb 2001 02:34:27 +0300 (MSK)
Cc: freebsd-stable@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
From: "Aleksandr A.Babaylov"
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Attila Nagy writes:
> Hello,
>
> I am trying to do the following setup:
>
> /jail
> /jail-run
>
> The first is a directory in a filesystem and holds the necessary files to
> run the given application. The second directory is also a simple directory
> but /jail mounted into it with mount_null.
>
> The command I use to mount the first dir into the second is:
> mount_null -o ro /jail/something /jail-run/something
>
> The purpose of this setup is to create jails within a standard UFS
> filesystem and to mount the directories read-only and run jailed
> applications in it, on a read-only partition.
> This way I don't need several partitions, mounted RO and I don't have to
> create loopback filesystems or to do other magic (like a mounted ISO).
>
> The problem.
>
> When I start jail I often get page faults.
> Also I want to chroot() in the jail (ftp daemon) but it page faults in all
> cases.
>
> So
> outside# jail /jail-run/something something 127.0.0.1 /bin/sh
> often works and the jail starts (/jail-run is a NULL filesystem), but
>
> inside# chroot
> drops me a page fault and restarts the machine in every case.
>
> I've tried out this on 4.2-RELEASE and 4.2-STABLE (05/02/2001) -RELEASE
> with a GENERIC and -STABLE with a custom kernel and all of them fail to
> survive jail and chroot on a NULL FS.
>
> Could somebody give me hints on this? I think it's a general problem and
> the problem is the use of the NULL FS, but how could I avoid this kind of
> crash?

Yes, you can use nullfs very restrictively.
I use such a method instead:

0garkin~(5)>df
Filesystem   1K-blocks     Used    Avail Capacity  Mounted on
/dev/ad0s2h    7993324   440694  6913165     6%    /usr
...
/dev/ad0s3a    7993324   439767  6914092     6%    /jail/pent/usr

/usr and /jail/pent/usr are the same file system:

0garkin~(7)>fdisk ad0
******* Working on device /dev/ad0 *******
parameters extracted from in-core disklabel are:
cylinders=89355 heads=16 sectors/track=63 (1008 blks/cyl)
...
The data for partition 2 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 25041744, size 65028096 (31752 Meg), flag 0
        beg: cyl 267/ sector 1/ head 0;
        end: cyl 266/ sector 63/ head 15
The data for partition 3 is:
sysid 0,(unused)
    start 73812816, size 16257024 (7938 Meg), flag 0
        beg: cyl 523/ sector 1/ head 0;
        end: cyl 266/ sector 63/ head 15

ad0s3 is inside ad0s2 and:

0garkin~(8)>disklabel ad0s2
...
#        size   offset    fstype   [fsize bsize bps/cpg]
  c: 65028096        0    unused        0     0         # (Cyl.    0 - 4047*)
  d: 16257024        0    4.2BSD        0     0     0   # (Cyl.    0 - 1011*)
  e:  8128512 16257024    4.2BSD        0     0     0   # (Cyl. 1011*- 1517*)
  f:  8128512 24385536    4.2BSD        0     0     0   # (Cyl. 1517*- 2023*)
  g: 16257024 32514048    4.2BSD        0     0     0   # (Cyl. 2023*- 3035*)
  h: 16257024 48771072    4.2BSD        0     0     0   # (Cyl. 3035*- 4047*)

ad0s3 occupies the same place as ad0s2h.
More of that:

0garkin~(9)>fdisk ad0s3
******* Working on device /dev/ad0s3 *******
parameters extracted from in-core disklabel are:
cylinders=16128 heads=16 sectors/track=63 (1008 blks/cyl)

Figures below won't work with BIOS for partitions not in cyl 1
parameters to be used for BIOS calculations are:
cylinders=16128 heads=16 sectors/track=63 (1008 blks/cyl)

Media sector size is 512
Warning: BIOS sector numbering starts with sector 1
Information from DOS bootblock is:
The data for partition 1 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 80 (active)
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 2 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 3 is:
sysid 165,(FreeBSD/NetBSD/386BSD)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15
The data for partition 4 is:
sysid 5,(Extended DOS)
    start 0, size 16257024 (7938 Meg), flag 0
        beg: cyl 0/ sector 1/ head 0;
        end: cyl 767/ sector 63/ head 15

0garkin~(10)>disklabel ad0s3
...
#        size   offset    fstype   [fsize bsize bps/cpg]
  a: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  b: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  c: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  d: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  e: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  f: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  g: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)
  h: 16257024        0    4.2BSD     1024  8192    63   # (Cyl.    0 - 16127)

so you can use any of ad0s3[a-h] for read only mount
in different jails safely.

More of that - you can play with partition type of ad0s3 -
just set it to 5 (extended DOS) - and ad0s5..ad0s30 all have
the same file systems a thru h for read only mount into jails.
But this is not so safe because of recursion through
Extended DOS partitions, and not every FreeBSD version
can work in such a way.

And, of course, nfs is possible (almost) too.
But if you use nfs self-mounted partitions, the order of starting
the nfs client and nfs server in /etc/rc must be reversed.

-- 
@BABOLO http://links.ru/
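
The arithmetic behind "ad0s3 occupies the same place as ad0s2h", as an added example that is not part of the original message: it parses the start/size figures from the quoted fdisk and disklabel output and reports device nodes that alias the same sectors. The function names are illustrative, and label offsets are assumed to be slice-relative, as the quoted disklabel shows (c: offset 0).

```python
import re
from itertools import combinations

# Sector figures copied from the fdisk/disklabel output quoted in the message.
FDISK_AD0 = """\
The data for partition 2 is:
    start 25041744, size 65028096 (31752 Meg), flag 0
The data for partition 3 is:
    start 73812816, size 16257024 (7938 Meg), flag 0
"""
DISKLABEL_AD0S2 = """\
  c: 65028096        0    unused
  d: 16257024        0    4.2BSD
  e:  8128512 16257024    4.2BSD
  f:  8128512 24385536    4.2BSD
  g: 16257024 32514048    4.2BSD
  h: 16257024 48771072    4.2BSD
"""

def parse_fdisk(text):
    """Return {slice_number: (start, size)} from fdisk output."""
    pat = re.compile(r"partition (\d+) is:.*?start (\d+), size (\d+)", re.S)
    return {int(n): (int(s), int(z)) for n, s, z in pat.findall(text)}

def parse_disklabel(text):
    """Return {letter: (offset, size)}, skipping 'c' (the whole slice)."""
    pat = re.compile(r"^\s*([a-h]):\s+(\d+)\s+(\d+)", re.M)
    return {p: (int(off), int(sz)) for p, sz, off in pat.findall(text) if p != "c"}

def extents(disk, slices, labels):
    """Absolute [start, end) sector range per device; label offsets are slice-relative."""
    out = {}
    for n, (start, size) in slices.items():
        if n in labels:  # labelled slice: one entry per BSD partition
            for p, (off, psize) in labels[n].items():
                out[f"{disk}s{n}{p}"] = (start + off, start + off + psize)
        else:            # no label supplied: treat the slice as one extent
            out[f"{disk}s{n}"] = (start, start + size)
    return out

def overlaps(ext):
    """Device pairs whose ranges intersect; third field is True for an exact alias."""
    return [(a, b, ra == rb)
            for (a, ra), (b, rb) in combinations(sorted(ext.items()), 2)
            if ra[0] < rb[1] and rb[0] < ra[1]]

def check():
    ext = extents("ad0", parse_fdisk(FDISK_AD0), {2: parse_disklabel(DISKLABEL_AD0S2)})
    return overlaps(ext)  # [('ad0s2h', 'ad0s3', True)]
```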